#!/bin/bash

# 初始化CentOS 7基础环境配置脚本
# 功能：系统安全设置、yum源优化、基础工具安装、区域配置

# Must run as root: every later step edits system-wide configuration.
[[ "$(id -u)" == "0" ]] || {
    echo "错误：本脚本需要以root权限运行！"
    exit 1
}

# ANSI colour sequences; stored as literal backslash escapes and only turned
# into real escape codes by the `echo -e` calls further down.
_csi='\033['
RED="${_csi}31m"
GREEN="${_csi}32m"
YELLOW="${_csi}33m"
NC="${_csi}0m"    # reset to the terminal's default attributes
unset _csi

# 0. Confirmation gate
# The steps below switch off firewalld and SELinux and rewrite system
# configuration, so nothing runs until the operator answers with a single
# "y" or "Y". Any other key, or no readable input at all, ends the script
# with status 0.
echo -e "${YELLOW}本脚本将执行以下敏感操作："
echo -e "1. 永久关闭防火墙"
echo -e "2. 禁用SELinux"
echo -e "3. 修改系统核心配置${NC}"
read -p "是否继续？(y/n) " -n 1 -r
echo
case "$REPLY" in
    [Yy]) ;;
    *) exit 0 ;;
esac

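# 1. Stop firewalld and keep it from starting at boot
# NOTE(review): once this has run the host has no firewalld packet filtering.
# Unless another filter is in place (an iptables service, an upstream ACL or
# cloud security group), every listening port is reachable from the networks
# the machine is attached to. Opening only the ports that are needed is the
# narrower alternative.
echo -e "${YELLOW}[1/11] 关闭防火墙...${NC}"
# Plain if/else instead of `a && b || c`, so each message is tied to exactly
# one outcome.
if systemctl stop firewalld 2>/dev/null; then
    echo -e "${GREEN}防火墙服务已停止${NC}"
else
    echo -e "${YELLOW}防火墙未运行${NC}"
fi
# Report a failed `disable` as well: the banner promises a permanent change,
# so a silent failure here would leave the operator with a wrong picture.
if systemctl disable firewalld 2>/dev/null; then
    echo -e "${GREEN}防火墙开机禁用成功${NC}"
else
    echo -e "${YELLOW}警告：防火墙开机禁用未成功（服务可能未安装）${NC}"
fi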

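# 2. Disable SELinux
# NOTE(review): SELINUX=disabled removes mandatory access control entirely.
# SELINUX=permissive would stop enforcement while still logging denials,
# which keeps an audit trail and makes it easier to re-enable later.
echo -e "${YELLOW}[2/11] 配置SELinux...${NC}"
# `setenforce 0` switches the running system to permissive mode; the config
# file edit is what takes effect after the next reboot.
setenforce 0 2>/dev/null
# sed exits 0 even when no line matched, so confirm the setting is really in
# the file before announcing success.
if sed -i 's/^SELINUX=.*/SELINUX=disabled/' /etc/selinux/config 2>/dev/null \
    && grep -q '^SELINUX=disabled' /etc/selinux/config; then
    echo -e "${GREEN}SElinux已临时禁用，重启后永久生效${NC}"
else
    echo -e "${RED}错误：未能修改 /etc/selinux/config，SELinux 永久配置未更改${NC}"
fi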

# 3. Time zone (added later)
echo -e "${YELLOW}[3/11] 配置系统时区...${NC}"
timedatectl set-timezone Asia/Shanghai
# Show the "Time zone" line of timedatectl's report as confirmation.
tz_line=$(timedatectl | grep 'Time zone')
echo -e "${GREEN}当前时区: ${tz_line}${NC}"

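# 4. NTP time sync (added later): make sure chrony is installed
echo -e "${YELLOW}[4/11] 配置时间同步...${NC}"
# Ask rpm about the exact package. Grepping the full `rpm -qa` listing for
# "chrony" would also match any other installed package whose name merely
# contains that string, and the install would then be skipped.
if ! rpm -q chrony >/dev/null 2>&1; then
    # The following steps write chrony's config and restart its service, so
    # stop here if the package cannot be installed.
    yum install -y chrony || {
        echo -e "${RED}错误：chrony安装失败！${NC}"
        exit 1
    }
fi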

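# Point chrony at the Aliyun NTP servers
# Keep one copy of the pre-existing config: the heredoc below replaces the
# whole file, and a re-run must not overwrite that first copy.
if [ -f /etc/chrony.conf ] && [ ! -e /etc/chrony.conf.backup ]; then
    cp -p /etc/chrony.conf /etc/chrony.conf.backup
fi

# NOTE(review): no authentication is configured for these sources, so clock
# accuracy depends on trusting the network path to them.
# Quoted delimiter: the file content is written literally, with no shell
# expansion.
cat > /etc/chrony.conf <<'EOF'
server ntp.aliyun.com iburst
server ntp1.aliyun.com iburst
server ntp2.aliyun.com iburst
server ntp3.aliyun.com iburst
driftfile /var/lib/chrony/drift
makestep 1.0 3
rtcsync
logdir /var/log/chrony
EOF

# Restart so the new config is loaded, then step the clock and enable the
# service at boot. A failed restart is reported instead of passing silently.
if ! systemctl restart chronyd; then
    echo -e "${RED}错误：chronyd 重启失败，时间同步未生效${NC}"
fi
chronyc makestep
systemctl enable chronyd
ntp_leap_status=$(chronyc tracking | grep "Leap status")
echo -e "${GREEN}NTP状态: ${ntp_leap_status}${NC}"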

# 5. Locale (added later)
echo -e "${YELLOW}[5/11] 配置系统语言...${NC}"
yum install -y glibc-common
# Compile the two UTF-8 locales; localedef's output is discarded.
for locale_name in en_US zh_CN; do
    localedef -v -c -i "$locale_name" -f UTF-8 "${locale_name}.UTF-8" >/dev/null 2>&1
done

# English is the system default; write zh_CN.UTF-8 here instead for Chinese.
printf '%s\n' 'LANG="en_US.UTF-8"' > /etc/locale.conf
# Load the new LANG into this shell so the final summary can show it.
. /etc/locale.conf
locale_summary=$(locale | grep -E 'LANG|LC_CTYPE')
echo -e "${GREEN}当前语言环境: ${locale_summary}${NC}"

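# 6. Back up the stock yum repo definition
echo -e "${YELLOW}[6/11] 备份系统源...${NC}"
base_repo=/etc/yum.repos.d/CentOS-Base.repo
if [ ! -f "$base_repo" ]; then
    echo -e "${RED}错误：CentOS-Base.repo文件不存在！${NC}"
    exit 1
elif [ -e "${base_repo}.backup" ]; then
    # A backup from an earlier run is kept as it is. Copying again would
    # replace the distribution's original file with the already-swapped
    # mirror file, and the original could no longer be restored.
    echo -e "${YELLOW}已存在备份 ${base_repo}.backup，跳过${NC}"
else
    cp -p "$base_repo" "${base_repo}.backup" || {
        echo -e "${RED}错误：CentOS-Base.repo备份失败！${NC}"
        exit 1
    }
fi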

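# 7. Switch the base repo to the Aliyun mirror
# The repo file decides where every later package comes from and whether
# signatures are checked, so it is fetched over HTTPS rather than plain HTTP.
# NOTE(review): the downloaded file may itself list http:// baseurls; package
# integrity then rests on gpgcheck being enabled in it. Verify after download.
echo -e "${YELLOW}[7/11] 配置阿里云源...${NC}"
# Download to a temp file first. Its name does not end in ".repo", so yum
# ignores it, and a failed transfer cannot clobber the working repo file.
base_repo_tmp=$(mktemp /etc/yum.repos.d/.CentOS-Base.repo.XXXXXX) || {
    echo -e "${RED}错误：阿里云源下载失败！${NC}"
    exit 1
}
# -f makes curl fail on an HTTP error status instead of saving the error
# page as the repo file; -s on the file rejects an empty download.
# mktemp creates the file 0600, hence the chmod before it is moved in place.
if ! { curl -f -o "$base_repo_tmp" https://mirrors.aliyun.com/repo/Centos-7.repo \
    && [ -s "$base_repo_tmp" ] \
    && chmod 644 "$base_repo_tmp" \
    && mv -f "$base_repo_tmp" /etc/yum.repos.d/CentOS-Base.repo; }; then
    rm -f -- "$base_repo_tmp"
    echo -e "${RED}错误：阿里云源下载失败！${NC}"
    exit 1
fi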

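# 8. Drop cached metadata and rebuild it
echo -e "${YELLOW}[8/11] 清理缓存...${NC}"
yum clean all
# makecache fetches metadata from the enabled repos, so a failure here means
# the installs further down are likely to fail too. Say so instead of
# carrying on silently.
if ! yum makecache; then
    echo -e "${YELLOW}警告：yum makecache 失败，请检查 /etc/yum.repos.d 下的源配置${NC}"
fi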

# 9. Make sure wget is available
echo -e "${YELLOW}[9/11] 检查下载工具...${NC}"
# Nothing to do when wget is already on PATH; otherwise install it and stop
# the script if that fails.
command -v wget >/dev/null 2>&1 || {
    echo "安装wget工具..."
    if ! yum install -y wget; then
        echo -e "${RED}错误：wget安装失败！${NC}"
        exit 1
    fi
}
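# 10. EPEL repository
echo -e "${YELLOW}[10/11] 配置EPEL源...${NC}"
yum install -y epel-release \
    || echo -e "${YELLOW}警告：epel-release 安装失败${NC}"
# Fetch the mirror's repo file over HTTPS into a temp file (its name does not
# end in ".repo", so yum ignores it). The packaged epel.repo is moved aside
# only after the download has succeeded; a failed transfer therefore leaves
# the existing EPEL configuration untouched instead of an empty repo file.
epel_repo_tmp=$(mktemp /etc/yum.repos.d/.epel-7.repo.XXXXXX)
if [ -n "$epel_repo_tmp" ] \
    && wget -O "$epel_repo_tmp" https://mirrors.aliyun.com/repo/epel-7.repo \
    && [ -s "$epel_repo_tmp" ]; then
    mv /etc/yum.repos.d/epel.repo /etc/yum.repos.d/epel.repo.backup 2>/dev/null
    # mktemp creates the file 0600; repo files are normally world-readable.
    chmod 644 "$epel_repo_tmp"
    mv -f "$epel_repo_tmp" /etc/yum.repos.d/epel-7.repo
else
    if [ -n "$epel_repo_tmp" ]; then
        rm -f -- "$epel_repo_tmp"
    fi
    echo -e "${YELLOW}警告：阿里云EPEL源下载失败，保留现有EPEL配置${NC}"
fi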

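# 11. Install the everyday tool set
# NOTE(review): telnet is a cleartext client; presumably wanted for quick
# port checks. Confirm it is not meant for remote logins.
echo -e "${YELLOW}[11/11] 安装常用工具...${NC}"
# Only claim success when yum reports it.
if yum install -y net-tools tree lrzsz vim unzip telnet bash-completion; then
    echo -e "${GREEN}已安装：网络工具/目录树/文件传输/编辑器/解压工具${NC}"
else
    echo -e "${RED}错误：常用工具安装失败（yum 返回非零状态）${NC}"
fi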

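# Final status summary
echo -e "\n${GREEN}✔ 系统初始化完成${NC}"
echo -e "核心配置状态："
echo -e "时区设置: $(date +'%Z %z')"
echo -e "系统语言: $LANG"
# chronyc marks the currently selected source with a leading "^*". The
# earlier unquoted pattern reached grep as ^^*, which does not anchor on that
# marker, so both characters are escaped here and only the selected source's
# name (second column) is printed.
echo -e "NTP同步: $(chronyc sources | awk '/^\^\*/ {print $2}')"

# Follow-up hints; the colour is reset on the last line so the operator's
# terminal does not stay yellow after the script exits.
echo -e "\n${YELLOW}操作提示："
echo -e "1. 语言环境更改需要重新登录生效"
echo -e "2. 检查时间同步：chronyc tracking"
echo -e "3. 查看完整时区列表：timedatectl list-timezones${NC}"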

